package com.xiaoy.core.base.security.login.service;

import java.util.ArrayList;
import java.util.List;

import javax.annotation.Resource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.xiaoy.core.base.menu.entity.Menu;
import com.xiaoy.core.base.security.exception.UserDisabledException;
import com.xiaoy.core.base.security.org.entity.Org;
import com.xiaoy.core.base.security.org.service.OrgService;
import com.xiaoy.core.base.security.permissions.entity.SessionFacade;
import com.xiaoy.core.base.security.role.entity.Role;
import com.xiaoy.core.base.security.role.service.RoleService;
import com.xiaoy.core.base.security.user.entity.User;
import com.xiaoy.core.base.security.user.service.UserService;


public class ShiroDbRealm extends AuthorizingRealm{

	@Resource
	private UserService userService;
	@Resource
	private RoleService roleService;
	@Resource
	private OrgService orgService;

	/**
	 * 认证回调函数,登录时调用.
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationtoken)throws AuthenticationException {
		
		if(null==authenticationtoken){
			return null;
		}
		
		UsernamePasswordToken token = (UsernamePasswordToken) authenticationtoken;
		User user = null;
		try {
			user = userService.getByUsername(token.getUsername());
//			if (!"0".equals(user.getEffect())) {
				return new SimpleAuthenticationInfo(user, user.getPassword(),getName()); 
//			}
		} catch (UserDisabledException e) {
			e.printStackTrace();
		} catch (Exception e) {
			e.printStackTrace();
		}
		return null;
	}

	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		
		User user = (User) principals.getPrimaryPrincipal();
		
		
		//User user = userService.getByUsername(shiroUser.getUsername());
		try {
			List<Org> orgs = orgService.getByUser(user.getId());
		
			// 得到组织机构继承下来的角色
			//List<Role> orgRoles = orgService.getParentOrgMergeRole();
			
			List<Role>roles = userService.getAllRoleByUserId(user.getId());
			List<Menu>menus = roleService.findMenuByRoleIds(roles);
			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
			
			SessionFacade sf = SessionFacade.get();
			sf.setRoles(roles);
			sf.setCurrentUser(user);
			
			if (orgs.size()>0) {
				sf.setOrg(orgs.get(0));
			}
			
			
			List<String>roleReulst = new ArrayList<String>();
			List<String>menuReulst = new ArrayList<String>();
			for (Role role : roles) {
				roleReulst.add(role.getName());
			}
			for (Menu m:menus) {
				menuReulst.add(m.getName()); 
			}
			// 基于Role的权限信息
			info.addRoles(roleReulst);
			// 基于Permission的权限信息
			info.addStringPermissions(menuReulst);
			return info;
		} catch (Exception e) {
			e.printStackTrace();
			return null;
		}
	}
}
